summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDan Sinclair <dsinclair@chromium.org>2017-01-09 09:50:50 -0500
committerChromium commit bot <commit-bot@chromium.org>2017-01-09 15:32:48 +0000
commit5f92eab76505fc6be2e5373390591a55be489b21 (patch)
treea4c230681c601cccc50f1e770bf6cfd3f91fe387
parent0d164f894472b364b0673471eda49b5d4f209c96 (diff)
downloadpdfium-5f92eab76505fc6be2e5373390591a55be489b21.tar.xz
[libtiff] Validate refblackwhite values
The td_refblackwhite value is currently assigned without validation. This may pose an issue as the image can specify the value as nan. This will cause problems later when we use the nan in calcluations. This CL validates each of the float values are not nan and if they are sets them to the default provided by the TIFF spec v6. BUG=chromium:632883 Change-Id: I17b01f744d3f5247c4bd3f42765a27b611dc7d8c Reviewed-on: https://pdfium-review.googlesource.com/2151 Commit-Queue: dsinclair <dsinclair@chromium.org> Reviewed-by: Tom Sepez <tsepez@chromium.org>
-rw-r--r--third_party/libtiff/0013-validate-refblackwhite.patch19
-rw-r--r--third_party/libtiff/README.pdfium1
-rw-r--r--third_party/libtiff/tif_dir.c8
3 files changed, 28 insertions, 0 deletions
diff --git a/third_party/libtiff/0013-validate-refblackwhite.patch b/third_party/libtiff/0013-validate-refblackwhite.patch
new file mode 100644
index 0000000000..a314fbdc3f
--- /dev/null
+++ b/third_party/libtiff/0013-validate-refblackwhite.patch
@@ -0,0 +1,19 @@
+diff --git a/third_party/libtiff/tif_dir.c b/third_party/libtiff/tif_dir.c
+index 73212c02d..16ce3d3ce 100644
+--- a/third_party/libtiff/tif_dir.c
++++ b/third_party/libtiff/tif_dir.c
+@@ -426,6 +426,14 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
+ case TIFFTAG_REFERENCEBLACKWHITE:
+ /* XXX should check for null range */
+ _TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
++ for (int i = 0; i < 6; i++) {
++ if (isnan(td->td_refblackwhite[i])) {
++ if (i % 2 == 0)
++ td->td_refblackwhite[i] = 0;
++ else
++ td->td_refblackwhite[i] = pow(2, td->td_bitspersample) - 1;
++ }
++ }
+ break;
+ case TIFFTAG_INKNAMES:
+ v = (uint16) va_arg(ap, uint16_vap);
diff --git a/third_party/libtiff/README.pdfium b/third_party/libtiff/README.pdfium
index c55fc63f36..9acd4c7f63 100644
--- a/third_party/libtiff/README.pdfium
+++ b/third_party/libtiff/README.pdfium
@@ -22,3 +22,4 @@ Local Modifications:
0010-fix-leak-imagebegin: Fix a leak when TIFFRGBAImageBegin fails
0011-fix-leak-imagebegin2: Apply upstream fix related to our previous patch
0012-initialize-tif-rawdata.patch: Initialize tif_rawdata to guard against unitialized access
+0013-validate-refblackwhite.patch: Make sure the refblackwhite values aren't nan.
diff --git a/third_party/libtiff/tif_dir.c b/third_party/libtiff/tif_dir.c
index 73212c02db..16ce3d3cee 100644
--- a/third_party/libtiff/tif_dir.c
+++ b/third_party/libtiff/tif_dir.c
@@ -426,6 +426,14 @@ _TIFFVSetField(TIFF* tif, uint32 tag, va_list ap)
case TIFFTAG_REFERENCEBLACKWHITE:
/* XXX should check for null range */
_TIFFsetFloatArray(&td->td_refblackwhite, va_arg(ap, float*), 6);
+ for (int i = 0; i < 6; i++) {
+ if (isnan(td->td_refblackwhite[i])) {
+ if (i % 2 == 0)
+ td->td_refblackwhite[i] = 0;
+ else
+ td->td_refblackwhite[i] = pow(2, td->td_bitspersample) - 1;
+ }
+ }
break;
case TIFFTAG_INKNAMES:
v = (uint16) va_arg(ap, uint16_vap);